2 Information Systems and IT

Fundamentals

2.1 Introduction
Information Technology is a key enabler in modern enterprises and the relevance of IT on
auditing in terms of risks; security, control and changes required in audit process and
procedures; cannot be ignored. Any enterprise needs effective and efficient ways to use
Business Process Automation (BPA), which is largely aided by Information Technology.
Information Systems, which forms the backbone of any enterprise comprises of various layers
such as: Application Software; Database Management Systems (DBMS); System Software;
Hardware; Network Links and People-Users. Further, whenever an information system has to
be deployed for the first time or some major changes are required, we need to implement
Information System Life Cycle. This has different phases which encompass System
Development, System Investigation, System Analysis, System Design, System
Implementation, System Maintenance and Review.
2.2 Need for Information Technology
Understanding ‘How IT is deployed in enterprises’ is imperative to learning about business.
IT in the present context may be referred as a computer-based tool that people use to work
with information and support the information-processing needs of an enterprise. IT allows
enterprises to work more efficiently and to maximize productivity. Faster communication,
electronic storage and the protection of records are advantages that IT can give to any
enterprise. IT enables business enterprises to differentiate their products and services from
their competitors.
2.2.1 Communication Capabilities
IT provides resources to enterprises to communicate quickly and effectively. With these
communication capabilities, enterprises can now integrate their business functions and
segments spread across different geographical areas. Any global enterprise having an
international presence can integrate its far flung business locations using communication
capabilities offered by IT.
Some of the common and efficient communication tools are Emails, Voice over Internet
Protocol (VoIP), WhatsApp Messenger etc. Skype is one such popular VoIP service, which
allows people across the world to make free, unlimited, superior quality voice calls via its
innovative peer-to-peer software.

© The Institute of Chartered Accountants of India

 Information Systems and IT Fundamentals 2.2

2.2.2 Data and Information Management

Today, most enterprises store digital versions of documents on servers, storage devices and
on cloud. These documents are instantly available to anyone with access rights, regardless of
their geographical location. Further, IT also enables Information Security encompassing the
protection of information from accidental or intentional misuse by persons inside or outside
an enterprise. IT security engineering systems protect enterprise electronic information from
being hacked, or wiped out during a technological disaster.
2.2.3 Automated Processes
Business Process Automation (BPA) is a strategy that is used to optimize and streamline
the essential business processes, using the latest technology to automate the functions involved
in carrying them out. BPA allows the organizations to extract maximum benefit by using the
available resources to their best advantage, while keeping the operational cost as low as
possible. Doing so helps the enterprise to generate greater profits and achieve a level of
stability that would be hard to realize without the use of automation.
2.3 Importance of IT in Auditing
Information Technology encompasses all aspects of functioning of enterprises from strategy
to operations, conception to completion and from ideation to value creation. Enterprises,
professionals as individuals are becoming increasingly dependent on IT and understand the
need to embrace IT. Information Technology is evolving at an accelerating pace and the role
of IT is transforming business processes. Auditors provide solutions to complex issues by
integrating specialized technology with their extensive experience to create new strategic
business processes. They provide assurance on the security; effectiveness and reliability of
information; applications; and new and effective business practices and processes.
2.3.1 Auditing in IT Environment
Audit broadly would involve the process of evaluating and reporting the adequacy of system
controls, efficiency, economy, effectiveness, and security practices to assure that assets and
information resources are safeguarded; that data integrity is protected; and that the system
complies with applicable policies, procedures, standards, rules, laws and regulations.
2.3.2 IT Risks and Issues
It becomes critical for enterprises to implement IT not only with right security but also to
create business value. Auditors can play a critical role in reviewing security and facilitating
enterprises to realize business value. Enterprise risks include several components such as
business risks, technology risks, operational risk and other risks.
Technology risks are faced by enterprises that are heavily driven by and dependent on
technology, especially where the types of technology used are rare and keep changing. When
the technology used fails or becomes obsolete, the enterprise may not be able to continue with
its business.

© The Institute of Chartered Accountants of India

 2.3 Information Technology

2.3.3 Need for Controls in Information Systems

With the advent of affordable hardware, technology has become a critical component of
business. Today’s dynamic global enterprises need information integrity, reliability and validity
for timely flow of accurate information throughout the organization. A well designed
information system should have controls built-in for all its sensitive or critical sections.
Information System Control procedure may include Strategy and Direction; General
Organization and Management; Access to IT resources including data and programs; System
Development Methodologies and Change Control; Operation Procedures; System
Programming and Technical Support Functions; Quality Assurance Procedures; Physical
Access Controls; Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP);
Network and Communication; Database Administration; and Protective and Detective
mechanisms against internal and external attacks.
2.3.4 Special features of auditing in an IT environment
Auditors in an IT environment are to know the methodology of audit to ensure the proper
performance of audit being carried out.
2.3.5 Impact of IT on Risks and Controls
Data handling capacity of computer combined with telecommunications technology greatly
increases ability of an individual to access and perhaps to manipulate large quantities of data -
within a relatively short time period: thus, increasing amount of potential damage or risk of
exposure.
2.3.6 Auditors’ Concern
The increased risks and changes in traditional control functions lead to a shift in the auditors
concern. The key concerns of auditor are to develop and apply new criteria in evaluating
control weaknesses in Computerized Information Systems (CIS) and to use computers to
perform some portions of audit examination.
2.4 Business Process Automation
Business Process Automation (BPA) is a process of managing information, data and
processes to reduce costs, resources and investment. BPA capabilities range from automating
a simple data-entry-manipulation task to building complex, automated financial management
processes using existing applications. The resulting benefits are cost reduction, elimination of
human error, freeing people from routine and volume, and allow management to do what they
are best at: make decisions, analyze data implications and trends and focus on providing better
customer service.

© The Institute of Chartered Accountants of India

 Information Systems and IT Fundamentals 2.4

The steps involved in any BPA are as follows:

Step 1 Define why we plan to implement BPA?
Step 2 Understand the rules/ regulation under which it needs to comply with?
Step 3 Document the process, we wish to automate.
Step 4 Define the objectives/goals to be achieved by implementing BPA.
Step 5 Engage the business process consultant.
Step 6 Calculate the ROI for project.
Step 7 Development of BPA.
Step 8 Testing the BPA.
2.4.1 Business Process Management
Business Process Management (BPM) is the methodology used by enterprises to improve
end-to-end business processes in various stages. An Enterprise Resource Planning (ERP)
application divides BPM into the phases: Analysis, Design, Implementation, Run & Monitor
and Optimize. BPA makes existing processes more efficient, not only at enterprise level but
even for desktop users’ through simple workflows, access and authorizations. BPA application
ties up these activities – Integration, Orchestration and Automation.
2.5 Computing
Computing may be defined as any goal-oriented activity requiring, benefiting from or creating
computers. It includes designing and building hardware and software systems for a wide range
of purposes; processing, structuring, and managing various kinds of information; doing
scientific studies using computers; making computer systems behave intelligently; creating and
using communications and entertainment media; finding and gathering information relevant
to any particular purpose, and so on.
2.6 Computing Technologies
Brief overview of some of the key computing technologies are given as follows:
2.6.1 Server
From a hardware perspective, a server is a computer (hardware) or device on a network
dedicated to run one or more services (as a host), to serve the needs of the users of other
computers on a network. In client-server architecture, a server is a computer program running
to serve the requests of other programs, the "clients". Thus, the server performs some
computational task on behalf of "clients". The clients either run on the same computer or they
connect through the network. Servers are often dedicated, meaning that they perform no other
tasks besides their server tasks.

© The Institute of Chartered Accountants of India

 2.5 Information Technology

2.6.2 Popular Computing Architecture

Computer architecture is the art that specifies the relations and parts of a computer system. In
computer engineering, Computer Architecture is the conceptual design and fundamental
operational structure of a computer system. The computer is based on a fixed hardware
platform capable of executing a fixed repertoire of instructions. CPU, the centre piece of the
computer’s architecture, is in charge of executing the instructions of the currently loaded
program. These instructions tell the CPU to carry out various calculations, to read and write
values from and into the memory, and to conditionally jump to execute other instructions in
the program. Popular computing architecture used today is called Instruction Set
Architecture (ISA). Computer architecture includes at least three main subcategories:
Instruction Set Architecture, Micro-Architecture and System Design.
2.6.3 Emerging Computing Models
(I) Cloud Computing: Cloud Computing is the use of various services such as software
development platforms, servers, storage, and software over the Internet, often referred to as
the "cloud."
A. Cloud Computing Environment: The cloud computing environment can consist of
multiple types of clouds based on their deployment and usage – Public, Private, Community
and Hybrid.
B. Cloud Computing Architectural Considerations: A cloud computing architecture
consists of two parts - Front End and a Back End that connect to each other through a
network, usually the Internet.
C. Service Models of Cloud Computing: Mainly, there are five Cloud Computing Service
based models. These are Information as a Service (IaaS), Software as a Service (SaaS),
Platform as a Service (PaaS), Network as a Service (NaaS) and Communication as a
Service (CaaS).
(II) Mobile Computing: Mobile Computing is the use of portable computing devices
(such as laptop and handheld computers) in conjunction with mobile communications
technologies to enable users to access the Internet and data on their home or work computers
from anywhere in the world. It is a human-computer interaction by which a computer is
expected to be transported during normal usage. Mobile computing involves Mobile
Communication, Mobile Hardware and Mobile Software.
A. Business Applications of Mobile Computing: Mobile devices provide the capability
to conduct business anywhere and enable users to seamless communicate and access
information whether they are in the office or anywhere. The change driven largely by video,
web-browsing, gaming and other entertainment related applications is one of the hottest trends
in the consumer sector.
B. Mobile Computing Concerns: Major concerns relating to mobile computing are
dangers of misrepresentation; Power consumption; and security concerns.

© The Institute of Chartered Accountants of India

 Information Systems and IT Fundamentals 2.6

2.7 Information System Layers

The layers are discussed as follows:
Component Explaination
2.7.1 Application This includes all those computer software that cause a
Software computer to perform useful tasks beyond the running of
the computer itself. Application Suite, Enterprise
Software, Enterprise Infrastructure Software, Information
Worker Software, Content Access Software, Educational
Software and Media Development Software are the
application software.
2.7.2 Database DBMS are software that aid in organizing, controlling
Management and using the data needed by the application
Systems (DBMS) programme. Commercially available DBMS are
Oracle, My SQL, SQL Servers and DB2 etc.
2.7.3 System Software System software is computer software that is designed
to operate the computer hardware and to give and
maintain a platform for running application software.
Example - Operating System.
2.7.4 Hardware Hardware basically consists of devices that perform
the functions of input, processing, data storage and
output activities of the computer.
2.7.5 Network Links Effective and efficient communication is a valuable
resource which helps in good management. To enable
this communication, we need communication
networks.
2.7.6 People/Users The people involved include users of the system and
information systems personnel, including all the
people who manage, run, program, and maintain the
system.

2.8 Information System Life Cycle

This is commonly referred as Software/System Development Life Cycle (SDLC), which
is a methodology used to describe the process of building information systems. It is the logical
starting point in the entire life cycle of a computerized system. SDLC framework provides a
sequence of activities for system designers and developers to follow. It consists of a set of
steps or phases in which each phase of the SDLC uses the results of the previous one. An
SDLC adheres to important phases that are essential for developers, such as Investigation;
Analysis, Design; Implementation and Maintenance and Review.

© The Institute of Chartered Accountants of India

 2.7 Information Technology

INVESTIGATE
Understand the
Problem
MAINTENANCE & ANALYSE
REVIEW Assess the
Evaluate Results Solutions

IMPLEMENT DESIGN
Put Solution Design or select the
into affect best solution

2.9 Recent Technologies/Devices

Technology is evolving in nature and accordingly, various new technologies such as Bluetooth,
Wi-Fi, Laptop, Tablet, SmartPhone, Touchpad etc. have evolved which effect enterprises.
Question 1
Define the following:
(a) Multiprocessing (b) Hardware Virtualization
(c) Cloud Computing (d) Groupware
(e) Computer Bus (f) Memory Controller
(g) Direct Memory Access (DMA)
Answer
(a) Multiprocessing: Multiprocessing is the use of two or more Central Processing
Units (CPUs) within a single computer system to allocate tasks between them.
(b) Hardware Virtualization: Hardware Virtualization or Platform Virtualization refers to
the creation of a virtual machine that acts like a real computer with an operating system.
Software executed on these virtual machines is separated from the underlying hardware
resources.
(c) Cloud Computing: Cloud computing is the use of various services, such as software
development platforms, servers, storage, and software, over the Internet, often referred to
as the "cloud."

© The Institute of Chartered Accountants of India

 Information Systems and IT Fundamentals 2.8

(d) Groupware: Groupware also known as Team-ware, Collaboration Software is software

that allows collective and collaborative working of teams from different geographical
locations on an online and real-time basis.
(e) Computer Bus: Computer Bus is a communication system that transfers data between
components inside a computer, or between computers that covers all related hardware
components (wire, optical fiber, etc.) and software, including communication protoc ol.
(f) Memory Controller: Memory Controller is a digital circuit which manages the flow of data
going to and from the main memory and can be a separate chip or integrated into another
chip.
(g) Direct Memory Access (DMA): Direct Memory Access (DMA) is a feature of
modern computers that allows certain hardware subsystems within the computer to access
system memory independently of the Central Processing Unit (CPU).
Question 2
Write short notes on the following:
(a) Bluetooth
Or
What is Bluetooth? Name some devices that utilize Bluetooth technology.
(b) Wi-Fi (c) Tablet
(d) SmartPhone (e) Touchpad
(f) Notebook (g) Cache Memory
(h) Virtual Memory (i) Instruction Set Architecture (ISA)
(j) Micro Architecture (k) Software as a Service (SaaS)
(l) Android (m) WhatsApp Messenger
Answer
(a) Bluetooth: Bluetooth is a wireless technology standard for exchanging data over short
distances up to 50 meters (164 feet) from fixed and mobile devices, creating personal Area
Networks (PANs) with high levels of security. Bluetooth is like a very low-power, short-
range radio signal which is secure from the moment they're sent, so unlike any other
wireless network we don't have to worry about turning on security. Few devices that utilize
Bluetooth technology are Keyboards and mice, Printers, mobile phones and headsets,
PDAs (Personal Digital Assistants), Desktop and laptop computers, Digital cameras, and
Remotes. Using a mobile phone with Bluetooth enabled; we can send pictures, videos,
exchange business cards and transfer files to our PC. Both data and voice transmissions
can be sent and received using short range networks.
(b) Wi-Fi: Wi-Fi is a popular wireless networking technology that uses radio waves to provide
wireless high-speed Internet and network connections. Wi-Fi networks have limited range.

© The Institute of Chartered Accountants of India

 2.9 Information Technology

A typical wireless access point might have a range of 32 meters (120 ft.). Wi-Fi can be less
secure than wired connections because an intruder does not need a physical connection.
Wi-Fi networks use radio technologies called 802.11 to provide secure, reliable, fast
wireless connectivity. A Wi-Fi network can be used to connect electronic devices to each
other, to the Internet, and to wired networks (which use Ethernet technology). Wi-Fi
networks work well for small businesses providing connectivity between mobile
salespeople, floor staff and behind-the-scenes finance and accounting departments.
(c) Tablet: A Tablet computer, or simply tablet is a one piece general-purpose computer
contained in a single panel. Its distinguishing characteristic is the use of a touch screen as
the input device. Tablet PCs have extreme portability, easy to use interfaces and the wide
range of ways they can be used. Some features of Tablets are as follows:
 Input Method: Tablets rely solely on a touch interface on the screen for all input.
 Size: Tablets have the size roughly of a small pad of paper and a weight that is less
than one Kg.
 Battery Life: Tablets are designed for efficiency because of the low power
requirements of their hardware components. Tablets can achieve all day usage.
 Storage Capacity: Most tablets come with configurations that allow between 16 and
64 gigabytes of storage.
 Performance: Most tablet PCs are based on extremely low powered processors more
suited for tasks like email, web browsing, playing video or audio.
 Software: The two major tablet platforms are Android and iOS amongst plenty of
applications that are available.
 Wireless: Because tablets by design are mobile computers; most of them have Wi-
Fi, blue tooth and mobile connectivity.
(d) SmartPhone: A SmartPhone is a mobile phone built on a mobile operating system with
more advanced computing capability connectivity than a feature phone. This handheld
device integrates mobile phone capabilities with the more common features of a handheld
computer or PDA. Smartphone allows users to store information, e-mail and install
programs, along with using a mobile phone in one device. Modern SmartPhones also
include high-resolution touch screens and web browsers that display standard web pages
as well as mobile-optimized sites. High-speed data access is provided by Wi-Fi and mobile
broadband.
(e) Touchpad: A Touchpad is a pointing device featuring a tactile sensor, a specialized
surface that can translate the motion and position of a user's fingers to a relative position
on screen. Touchpad is a common feature of laptop computers, can also be found on
Personal Digital Assistants (PDAs) and some portable media players.
(f) Notebook: Notebook is an extremely lightweight personal computer that typically weighs
less than 3 Kg and is small enough to fit easily in a briefcase. Notebook computers use

© The Institute of Chartered Accountants of India

 Information Systems and IT Fundamentals 2.10

flat-panel technologies to produce a lightweight and non-bulky display screen. Modern

notebook computers are almost equivalent to personal computers having the same CPUs,
memory capacity and disk drives.
(g) Cache Memory: Cache Memory (pronounced as cash) is a smaller, faster memory which
stores copies of the data from the most frequently used main memory locations so that
Processor/Registers can access it more rapidly than main memory. It is the property of
locality of reference, which allows improving substantially the effective memory access
time in a computer system.
(h) Virtual Memory: Virtual Memory is an imaginary memory area supported by some
operating systems (for example, Windows) in conjunction with the hardware. If a computer
lacks the Random Access Memory (RAM) needed to run a program or operation, Windows
uses virtual memory to compensate. Virtual memory combines computer’s RAM with
temporary space on the hard disk. When RAM runs low, virtual memory moves data from
RAM to a space called a paging file. Moving data to and from the paging file frees up RAM
to complete its work. Thus, Virtual memory is an allocation of hard disk space to help RAM.
(i) Instruction Set Architecture (ISA): It is the abstract model of a computing system that is seen
by a machine language programmer, including the instruction set, memory address modes,
processor registers, and address and data formats. Instruction Set Architecture (ISA) is related
to the programming of a computer – that is, how the computer understands, what each element
in its basic language means, what instructions are to be carried out and in what order, etc. The
ISA basically deals with what the chip does.
(j) Micro architecture: It, also known as Computer organization, is a lower level detailed
description of the system that is sufficient for completely describing the operation of all
parts of the computing system, and how they are inter-connected and inter-operate in order
to implement the ISA. The Micro architecture can be seen as how the ISA does and what
it does. It is the term used to describe the resources and methods used to achieve
architecture specification. The term typically includes the way in which these resources are
organized as well as the design techniques used in the processor to reach the target cost
and performance goals. The micro architecture essentially forms a specification for the
logical implementation.
(k) Software as a Service (SaaS): It includes a complete software offering on the cloud. Users
can access a software application hosted by the cloud vendor on pay-per-use basis. SaaS
is a model of software deployment where an application is hosted as a service provided to
customers across the Internet by removing the need to install and run an application on a
user’s own computer. SaaS can alleviate the burden of software maintenance and support
but users relinquish control over software versions and requirements.
(l) Android: Android is a Linux-based operating system designed primarily for touch screen
mobile devices such as smart phones and tablet computers. Android is an open source
and the permissive licensing allows the software to be freely modified and distributed by
device manufacturers, wireless carriers and enthusiast developers. Android provides

© The Institute of Chartered Accountants of India

 2.11 Information Technology

access to a wide range of useful libraries and tools that can be used to build rich
applications.
(m) WhatsApp Messenger: It is a cross-platform mobile messaging application which allows
us to exchange messages without having to pay for SMS. It is available for iPhone,
BlackBerry, Android, Windows phone, Nokia and these phones can message each other.
Because WhatsApp Messenger uses the same internet data plan that we use for e -mail
and web browsing, there is no cost to message and stay in touch with friends.
Question 3
What are the three critical pillars of Business Process Automation (BPA)?
Answer
Business Process Automation rests on the following three critical pillars:
 Integration: BPA allows applications and operating systems not only to read data that the
systems produce, but also to pass data between the component applications of the
business process and to modify the data as necessary.
 Orchestration: The process of orchestration enables the ability to bring tasks that exist
across multiple computers and different business departments or branches under one
umbrella that is the business process itself.
 Automation: Orchestration and integration unite with automation to deliver the c apability
to provide a rule-based process of automatic execution that can span multiple systems and
enable a more effective, nimble and efficient business process.
Question 4
Discuss some of the benefits of using Business Process Automation.
Answer
Some benefits of using Business Process Automation include:
 Reducing the Impact of Human Error: BPA removes human participation in the process,
which is the source of many errors.
 Transforming Data into Information: BPA can, apart from collecting and storing data
also analyze data and make it available in a form that is useful for decision -making.
 Improving performance and process effectiveness: In many cases, tasks that must be
done manually are the bottleneck in the process. Automating those manual tasks speeds
up the effective throughput of the application.
 Making users more efficient and effective: People can focus their energies on the tasks
they do best, allowing the computers to handle those that machines are best suited for.
 Making the business more responsive: Business can easily automate new applications
and processes as they are introduced.

© The Institute of Chartered Accountants of India

 Information Systems and IT Fundamentals 2.12

 Improving Collaboration and Information Sharing: Business processes designed

through a collaborative interface mean Information Technology can integrate its processes
with the business-side logic that drives day-to-day operations.
Question 5
Discuss different types of servers based on the services they provide.
Answer
There are different types of servers based on the nature of service they provide. Some of them
are given as follows:
 File server: This is a computer and storage device dedicated to storing files. Any user on
the network can store files on the server.
 Print server: This is a computer that manages one or more printers.
 Network server: This is a computer that manages network traffic.
 Database server: This is a computer system that processes database queries.
 Application Server: This is a program that handles all application operations between
users and an enterprise's backend business applications or databases.
 Web Server: Web server is a computer that delivers (serves up) web pages. Every web
server has an IP address and possibly a domain name. For example, if we enter the URL
http://www.icai.org in our browser, this sends a request to the Web server whose domain
name is icai.org. The server then fetches the named home page and sends it to our
browser. Any computer can be turned into a Web server by installing server software and
connecting the machine to the Internet.
 Mail Server: Mail server moves and stores mail over corporate networks.
Question 6
What is Cloud Computing? Describe any three types of clouds in cloud computing environment.
Or
What are the different types of clouds in a Cloud computing environment?
Answer
Cloud Computing: Cloud computing is the use of various services, such as software
development platforms, servers, storage, and software, over the Internet, often referred to as
the "Cloud."
The Cloud Computing environment can consist of multiple types of clouds based on their
deployment and usage. They are Public Cloud, Private/Internal Cloud, Community Cloud
and Hybrid Cloud.
 Public Clouds: The public cloud is made available to the general public or a large industry
group. They are administrated by third parties or vendors over the Internet, and services

© The Institute of Chartered Accountants of India

 2.13 Information Technology

are offered on pay-per-use basis. It is widely used in the development, deployment and
management of enterprise applications, at affordable costs; and allows organizations to
deliver highly scalable and reliable applications rapidly and at more affordable costs.
 Private/Internal Clouds: This cloud computing environment resides within the boundaries
of an organization and is used exclusively for the organization’s benefits. They are built
primarily by IT departments within enterprises who seek to optimize utilization of
infrastructure resources within the enterprise by provisioning the infrastructure with
applications using the concepts of grid and virtualization. The Private Cloud enables an
enterprise to manage the infrastructure and have more control.
 Community Clouds: This is the sharing of computing infrastructure in between
organizations of the same community. For example, all Government organizations within
India may share computing infrastructure on the cloud to manage data. The risk is that
data may be stored with the data of competitors.
 Hybrid Clouds: It is a composition of two or more clouds (Private, Community or Public)
and is maintained by both internal and external providers. Though they maintain their
unique identity, they are bound together by standardized data and application portability.
With a hybrid cloud, organizations might run non-core applications in a public cloud, while
maintaining core applications and sensitive data in-house in a private cloud.
Question 7
Discuss Cloud Computing architecture.
Answer
Cloud Computing architecture refers to the components and subcomponents that typically
consist of a front end platform (fat client, thin client, mobile device), back end platform (servers,
storage), a cloud based delivery, and a network (Internet, Intranet, Intercloud). Cloud
architecture typically involves multiple cloud components communicating with each other over
a tight or loose coupling of cloud resources, services, middleware, and software components.
A cloud computing architecture consists of two parts - Front End and a Back End that connect
to each other through a network, usually the Internet. The front end is the side the computer
user or client, sees. The back end is the “cloud” section of the system.
 Front End: The front end of the cloud computing system comprises of the client’s devices
(or it may be a computer network) and some applications are needed for accessing the
cloud computing system. All the cloud computing systems do not give the same interface
to users. For example - Web services like electronic mail programs use some existing web
browsers such as Firefox, Microsoft’s Internet Explorer or Apple’s Safari. Other types of
systems have some unique applications which provide network access to its clients.
 Back End: Back end refers to some physical peripherals. In cloud computing, the back
end is cloud itself which may encompass various computer machines, data storage
systems and servers. Groups of these clouds make a whole cloud computing system.

© The Institute of Chartered Accountants of India

 Information Systems and IT Fundamentals 2.14

Theoretically, a cloud computing system can include practically any type of web application
program such as video games to applications for data processing, software development
and entertainment residing on its individual dedicated server for services. There are some
set of rules, generally called as Protocols which are followed by this server and it uses a
special type of software termed as Middleware that allow computers that are connected
on networks to communicate with each other. If any cloud computing service provider has
many customers, then there’s likely to be very high demand for huge storage space. Many
companies that are service providers need hundreds of storage devices.
Question 8
Discuss Service models of Cloud Computing.
Answer
Service Models of Cloud Computing are as follows:
 Infrastructure as a Service (IaaS): It is the foundation of cloud services that provides
clients with access to server hardware, storage, bandwidth and other fundamental
computing resources. The service is typically paid for on a usage basis and may also
include dynamic scaling so that if the customer needs more resources than expected, s/he
can get them on the fly (probably to a given limit). It provides access to shared resources
on need basis, without revealing details like location and hardware to clients.
 Software as a Service (SaaS): It includes a complete software offering on the cloud. Users
can access a software application hosted by the cloud vendor on pay-per-use basis. SaaS
is a model of software deployment where an application is hosted as a service provided to
customers across the Internet by removing the need to install and run an application on a
user’s own computer. SaaS can alleviate the burden of software maintenance and support
but users relinquish control over software versions and requirements.
 Platform as a Service (PaaS): It provides clients with access to the basic operating
software and optional services to develop and use software applications (e.g. databas e
access and payment service) without the need to buy and manage the underlying
computing infrastructure. For example, Google App Engine allows clients to run their web
applications (i.e. software that can be accessed using a web browser such as Internet
Explorer over the internet) on Google’s infrastructure.
 Network as a Service (NaaS): It is a category of cloud services where the capability
provided to the cloud service user is to use network/transport connecting services. NaaS
involves optimization of resource allocation by considering network and computing
resources as a whole. Some of the examples are: Virtual Private Network, Mobile Network
Virtualization etc.
 Communication as a Service (CaaS): CaaS is an outsourced enterprise communication
solution that can be leased from a single vender. The CaaS vendor is responsible for all
hardware and software management and offers guaranteed Quality of Service (QoS). It

© The Institute of Chartered Accountants of India

 2.15 Information Technology

allows businesses to selectively deploy communication devices and modes on a pay-as-

you-go, as-needed basis. This approach eliminates the large capital investments.
Examples are: Voice over IP (VoIP), Instant Messaging (IM), Collaboration and
Videoconferencing application using fixed and mobile devices.
Question 9
What is Mobile Computing? Discuss its components.
Answer
Mobile Computing: Mobile Computing is the use of portable computing devices (such as laptop
and handheld computers) in conjunction with mobile communication technologies to enable
users to access the Internet and data on their home or work computers from anywhere in the
world. Mobile computing is enabled by use of mobile devices (portable and hand held computing
devices) such as PDA, laptops, mobile phones, MP3 players, digital cameras, tablet PC and
Palmtops on a wireless network.
Mobile computing involves Mobile Communication, Mobile Hardware and Mobile Software;
which are discussed as follows:
 Mobile Communication: Mobile Communication refers to the infrastructure put in place
to ensure that seamless and reliable communication goes on. These would include devices
such as Protocols, Services, Bandwidth and Portals necessary to facilitate and support the
stated services. The data format is also defined at this stage. The signals are carried over
the air to intended devices that are capable of receiving and sending similar kind of signals.
It will incorporate all aspects of wireless communication.
 Mobile Hardware: Mobile Hardware includes mobile devices or device components that
receive or access the service of mobility. They would range from Portable laptops, Smart
phones, Tablet PC’s to Personal Digital Assistants. These devices will have receptors that are
capable of sensing and receiving signals. These devices are configured to operate in full-
duplex, whereby they are capable of sending and receiving signals at the same time.
 Mobile Software: Mobile Software is the actual program that runs on the mobile hardware.
It deals with the characteristics and requirements of mobile applications. This is the engi ne
of that mobile device. In other terms, it is the operating system of that appliance. It is the
essential component that makes the mobile device operates.
Question 10
What is a Database Model? Discuss its various types.
Answer
A Database Model is a type of data model that determines the logical structure of a database
and fundamentally determines in which manner data can be stored, organized and manipulated.
Some prominent database models are as follows:

© The Institute of Chartered Accountants of India

 Information Systems and IT Fundamentals 2.16

A. Hierarchical Database Model: In a hierarchical database model, records are logically

organized into a hierarchy of relationships. A hierarchically structured database is arranged
logically in an inverted tree pattern.
All records in hierarchy are called nodes. The top parent record in the hierarchy is called
the root record. Records that “own”
other records are called parent Pavement Improvement

records. Each node is related to the

others in a parent-child relationship. Reconstruction Maintenance Rehabilitation
Each parent record may have one or
more child records, but no child record Routine Corrective Preventive
may have more than one parent record.
Thus, the hierarchical data structure implements one-to-one and one-to-many
relationships. (Refer the fig.)
B. Network Database Model: The network model is a variation on the hierarchical model
such that it is built on the concept of multiple branches (lower-level structures) emanating
from one or more nodes (higher-level structures) and that branch may be connected to
multiple nodes. The network model is able to represent redundancy in data more efficiently
than in the hierarchical model. The network model also permits a record to be a member
of more than one set at one time that allows the network model to implement the many-to-
one and the many-to-many relationship types.
Owners of repair vendor-
Repair Repair Repair Repair
repair binvoice set
Vendor 1 Vendor 2 Vendor 3 Vendor 4
Repair vendor-repair
invoice owner-member sets

Repair Repair Repair Repair Repair Repair Members of repair vendor-

Invoice 1 Invoice 2 Invoice 3 Invoice 4 Invoice 5 Invoice 6 repair invoice set
Equipment-repair invoice
owner-member sets

Owners of equipment-
Equip 1 Equip 2 Equip 3 Equip 4 Equip 5 Equip 6 Equip 7 Equip 8
repair invoice set

C. Relational Database Model: A relational database allows the definition of data and their
structures, storage and retrieval operations and integrity constraints that can be organized
in a table structure. A table is a collection of records and each record in a table contains
the same fields. Three key terms are used extensively in relational database models:
Relations, Attributes and Domains. A relation is a table with columns and rows. The
named columns of the relation are called attributes, and the domain is the set of values
the attributes can take.
A relational database contains multiple tables, with at least similar value occurring in two
different records (belonging to the same table or to different tables) that implies a
relationship among those two records. Tables can also have a designated single attribute

© The Institute of Chartered Accountants of India

 2.17 Information Technology

or a set of attributes that can act as a "key" which can be used to uniquely identify each
record in the table. A key that can be used to uniquely identify a row in a table is called a
Primary key. Any column can be a key, or multiple columns can be grouped together into
a Compound key.
D. Object Oriented Data Base Model (OODBMS): It is based on the concept that the world
can be modeled in terms of objects and their interactions. An Object -oriented database
provides a mechanism to store complex data such as images, audio and video, etc. An
OODBMS helps programmers make objects created in a programming language behave
as a database object. Object-oriented programming is based on a series of working
objects. Each object is an independently functioning application or program, assigned with
a specific task or role to perform. An OODBMS is a relational database designed to manage
these independent programs, using the data produced to quickly respond to requests for
information by a larger application.
Question 11
What is an Operating System? Discuss various activities it performs.
Answer
An Operating System (OS) is a set of computer programs that manages computer hardware
resources and acts as an interface with computer applications programs. The operating system
is a vital component of the system software in a computer system. Application programs usually
require an operating system to function that provides a convenient environment to users for
executing their programs. Computer hardware with operating system can thus be viewed as an
extended machine which is more powerful and easy to use. Some prominent Operating systems
used nowadays are Windows 7, Windows 8, Linux, UNIX, etc.
A variety of activities are executed by Operating systems which include:
 Performing hardware functions: Application programs to perform tasks must obtain input
from keyboards, retrieve data from disk & display output on monitors. Achieving all this is
facilitated by operating system that acts as an intermediary between the application
program and the hardware.
 User Interfaces: An important function of any operating system is to provide user
interface. DOS has a Command based User Interface (UI) i.e. text commands were given
to computer to execute any command, whereas Windows has Graphic User Interface
(GUI) which uses icons & menus.
 Hardware Independence: Every computer could have different specifications and
configurations of hardware. Operating system provides Application Program Interfaces
(API) which can be used by application developers to create application software , thus
obviating the need to understand the inner workings of OS and hardware. Thus, OS gives
us hardware independence.
 Memory Management: Memory Management features of Operating System control how
memory is accessed and maximizes available memory & storage. Operating systems also

© The Institute of Chartered Accountants of India

 Information Systems and IT Fundamentals 2.18

provides Virtual Memory by carving an area of hard disk to supplement the functional
memory capacity of RAM.
 Task Management: Task Management feature of Operating system helps in allocating
resources to make optimum utilization of resources. This facilitates a user to work with
more than one application at a time i.e. multitasking and allows more than one user to use
the system i.e. timesharing.
 Networking Capability: Operating systems can provide systems with features &
capabilities to help connect computer networks. Like Linux & Windows 8 give us an
excellent capability to connect to internet.
 Logical Access Security: Operating systems provide logical security by establishing a
procedure for identification & authentication using a User ID and Password. It can log the
user access thereby providing security control.
 File Management: The Operating System keeps a track of where each file is stored and
who can access it, based on which it provides the file retrieval.
Question 12
What is CPU? What are the three functional units of a Central Processing Unit (CPU)?
Answer
The Central Processing Unit (CPU or microprocessor) is the actual hardware that interprets and
executes the program (software) instructions and coordinates how all the other hardware
devices work together. The CPU is built on a small flake of silicon and can contain the equivalent
of several million transistors. We can think of transistors as switches which could be “ON” or
“OFF” i.e., taking a value of 1 or 0. The processor or CPU is like the brain of the computer. The
main function of CPU is to execute programs stored in memory. It consists of three functional
units:
 Control Unit (CU): CU controls the flow of data and instruction to and from memory,
interprets the instruction and controls which tasks to execute and when.
 Arithmetic and Logical Unit (ALU): Performs arithmetic operations such as addition,
subtraction, multiplication, and logical comparison of numbers: Equal to, Greater than,
Less than, etc.
 Registers: These are high speed memory units within CPU for storing small amount of
data (mostly 32 or 64 bits). Registers could be:
 Accumulators: They can keep running totals of arithmetic values.
 Address Registers: They can store memory addresses which tell the CPU as to
where in the memory an instruction is located.
 Storage Registers: They can temporarily store data that is being sent to or coming
from the system memory.
 Miscellaneous: These are used for several functions for general purpose.

© The Institute of Chartered Accountants of India

 2.19 Information Technology

Question 13
Discuss Information System Life Cycle.
Answer
Information System Life Cycle is commonly referred as Software/System Development Life
Cycle (SDLC) which is a methodology used to describe the process of building information
systems. SDLC framework provides a sequence of activities for system designers and
developers to follow. It consists of a set of steps or phases in which each phase of the SDLC
uses the results of the previous one. Various phases for developing an Information System are
given as follows:
Phase 1: System Investigation: This phase examines that ‘What is the problem and is it worth
solving’? A feasibility study is done under the dimensions – Technical, Economical, Legal,
Operational etc.
Phase 2: System Analysis: This phase examines that ‘What must the Information System do
to solve the problem’? System analyst would be gathering details about the current system and
will involve interviewing staff; examining current business; sending out questionnaires and
observation of current procedures.
The Systems Analyst will examine data and information flows in the enterprise using data flow
diagrams; establish what the proposed system will do (not how it will do it); analyze costs and
benefits; outline system implementation options. (For example: in-house or using consultants);
consider possible hardware configurations; and make recommendations.
Phase 3: System Designing: This phase examines that ‘How will the Information System do
what it must do to obtain the solution to the problem’? This phase specifies the technical aspects
of a proposed system in terms of Hardware platform; Software; Outputs; Inputs; User interface;
Modular design; Test plan; Conversion plan and Documentation.
Phase 4: System Implementation: This phase examines that ‘How will the solution be put into
effect’? This phase involves coding and testing of the system; acquisition of hardware and
software; and either installation of the new system or conversion of the old system to the new
one.
Phase 5: System Maintenance and Review: This phase evaluates results of solution and
modifies the system to meet the changing needs. Post implementation review would be done to
address Programming amendments; Adjustment of clerical procedures; Modification of Reports,
and Request for new programs.
Question 14
Differentiate between the following:
(a) Random Access Memory and Read Only Memory
(b) Hierarchical Database Model and Network Database Model
(c) Complex Instruction Set Computer (CISC) and Reduced Instruction Set Computer (RISC)

© The Institute of Chartered Accountants of India

 Information Systems and IT Fundamentals 2.20

Answer
(a) The differences between Random Access Memory (RAM) and Read Only Memory (ROM)
are given below:
Random Access Memory (RAM) Read Only Memory (ROM)
RAM is a volatile memory and when the Unlike RAM, ROM is non-volatile. The
computer is turned off, RAM loses its contents of ROM remain even after the
data. When the computer is turned on computer is switched off.
again, operating system and other files
are once again loaded into RAM usually
from the hard disk.
This is Read Write memory wherein Originally, the ROM used to be read-only;
information can be read as well as however, the new versions of ROM allow
modified. limited rewriting making it possible to
upgrade firmware such as the BIOS by
using installation software.
(b) The differences between Hierarchical Database Model and Network Database Model are
given below:
Hierarchical Database Model Network Database Model
The hierarchical model permits a record Unlike the hierarchical mode, the network
to be a member of only one set at one model permits a record to be a member of
time. more than one set at one time.
The hierarchical data structure The network model allows us to represent
implements one-to-one and one-to-many one-to-one, one-to-many and many-to-
relationships. many relationships.
Each parent record may have one or Each parent record may have one or more
more child records, but no child record child records, and even a child record may
may have more than one parent record. have more than one parent record.
The hierarchical model does not The network model can represent
represent redundancy in data efficiently. redundancy in data more efficiently than
in the hierarchical model.
The hierarchical data structures require The network data structures can be
specific entrance points to find records in entered and traversed more flexibly.
a hierarchy.
(c) Complex Instruction Set Computer (CISC): If the Control Unit contains several micro-
electronic circuitries to generate a set of control signals and each micro-circuitry is
activated by a micro-code, this design approach is called CISC design. Examples of CISC
processors are: Intel 386, 486, Pentium, Pentium Pro, Pentium II, Pentium III processors
etc. CISC chips have a large, variable length and complex instructions and generally make

© The Institute of Chartered Accountants of India

 2.21 Information Technology

use of complex addressing modes. Different machine programs can be executed on CISC
machine. Since CISC processors possess so many processing features, the job of machine
language programmers becomes easier. But at the same time, they are complex as well
as expensive to produce. Now-a-days, most of the personal computers use CISC
processors.
Reduced Instruction Set Computer (RISC): To execute each instruction, if there is
separate electronic circuitry in the control unit, which produces all the necessary signals,
this approach of the design of the control section of the processor is called RISC design.
It is also called hard-wired approach. Examples of RISC processors: IBM RS6000,
MC88100 processors etc. RISC processors use a small and limited number of instructions
and mostly use hardwired control unit. These consume less power and are having high
performance. RISC processors use simple addressing modes and RISC instruction is of
uniform fixed length. Since RISC processors have a small instruction set, they place extra
demand on programmers who must consider how to implement complex computations by
combining simple instructions. However, RISC processors are faster, less complex and
less expensive than CISC processors because of their simpler design.
Question 15
What is mobile computing? What are the three major concerns related to mobile computing?
Answer
Mobile Computing: Mobile Computing is the use of portable computing devices (such as laptop
and handheld computers) in conjunction with mobile communication technologies to enable
users to access the Internet and data on their home or work computers from anywhere in the
world. Mobile computing is enabled by use of mobile devices (portable and hand held computing
devices) such as PDA, laptops, mobile phones, MP3 players, digital cameras, tablet PC and
Palmtops on a wireless network.
Major concerns relating to mobile computing are given as follows:
 Mobile computing has its fair share of security concerns as any other technology.
 Dangers of misrepresentation - Another problem plaguing mobile computing are credential
verification.
 Power consumption - When a power outlet or portable generator is not available, mobile
computers must rely entirely on battery power.
 Potential health hazards
Question 16
Name the various phases of System Development Life Cycle (SDLC) in the logically correct
order.

© The Institute of Chartered Accountants of India

 Information Systems and IT Fundamentals 2.22

Answer
The various phases of System Development Life Cycle (SDLC) are as follows:
 Phase 1: System Investigation
 Phase 2: System Analysis
 Phase 3: System Designing
 Phase 4: System Implementation
 Phase 5: System Maintenance and Review
Question 17
What is Server? Briefly explain any four types of servers based on the nature of service they
provide.
Answer
Server: A server is a computer program running to serve the requests of other programs, the
"clients". Servers are often dedicated, meaning that they perform no other tasks besides
their server tasks. The clients either run on the same computer, or they connect through
the network. Some of the different types of servers based on the nature of service they
provide are as follows:
 File server: This is a computer and storage device dedicated to storing files. Any user on
the network can store files on the server.
 Print server: This is a computer that manages one or more printers.
 Network server: This is a computer that manages network traffic.
 Database server: This is a computer system that processes database queries.
 Application Server: This is a program that handles all application operations between
users and an enterprise's backend business applications or databases.
 Web Server: Web server has an IP address and possibly a domain name, and is the
computer that delivers (serves up) web pages.
 Mail Server: Mail servers move and store mail over corporate networks.
Question 18
(a) Mention briefly the different types of application software.
(b) What are the major advantages and disadvantages of DBMS?

© The Institute of Chartered Accountants of India

 2.23 Information Technology

Answer
(a) The different types of application software are as under:
 Application Suite: Has multiple applications bundled together. Related functions,
features and user interfaces interact with each other. E.g. MS Office 2010 which has
MS Word, MS Excel, MS Access, etc.
 Enterprise Software: Addresses an enterprise’s needs and data flow in a huge
distributed environment. E.g. ERP Applications like SAP.
 Enterprise Infrastructure Software: Provides capabilities required to support
enterprise software systems. E.g. email servers, Security software.
 Information Worker Software: Addresses individual needs required to manage and
create information for individual projects within departments. E.g. Spreadsheets,
CAAT (Computer Assisted Audit Tools) etc.
 Content Access Software: Used to access contents and addresses a desire for
published digital content and entertainment. E.g. Media Players, Adobe Digital etc.
 Educational Software: Holds contents adopted for use by students. E.g.
Examination Test CDs.
 Media Development Software: Addresses individual needs to generate and print
electronic media for others to consume. E.g. Desktop Publishing, Video Editing etc.
(b) Major advantages of Database Management Systems (DBMS) are given as follows:
 Permitting data sharing: One of the principle advantages of a DBMS is that the
same information can be made available to different users.
 Minimizing Data Redundancy: In a DBMS duplication of information or redundancy
is, if not eliminated, carefully controlled or reduced i.e. there is no need to repeat the
same data repeatedly. Minimizing redundancy can therefore significantly reduce the
cost of storing information on hard drives and other storage devices.
 Integrity can be maintained: Data integrity is maintained by having accurate,
consistent, and up-to-date data. Updates and changes to the data only must be made
in one place in DBMS ensuring Integrity. The chances of making a mistake increase
if the same data needs to be changed at several different places than making the
change in one place.
 Program and file consistency: Using a DBMS, file formats and programs are
standardized. This makes the data files easier to maintain because the same rules
and guidelines apply across all types of data. The level of consistency across files
and programs also makes it easier to manage data when multiple programmers are
involved.

© The Institute of Chartered Accountants of India

 Information Systems and IT Fundamentals 2.24

 User-friendly: DBMS makes the data access and manipulation easier for the user.
DBMS also reduce the reliance of users on computer experts to meet their data
needs.
 Improved security: DBMSs allow multiple users to access the same data resources
which could lead to risk to an enterprise if not controlled. Security constraints can be
defined i.e. Rules can be built to give access to sensitive data. Some sources of
information should be protected or secured and only viewed by select individuals.
Using passwords, database management systems can be used to restrict data access
to only those who should see it.
 Achieving program/data independence: In a DBMS data does not reside in
applications but data bases program & data are independent of each other.
 Faster application development: In the case of deployment of DBMS, application
development becomes fast. The data is already therein databases, application
developer has to think of only the logic required to retrieve the data in the way a user
needs.
Major disadvantages of DBMS are as under:
 Cost: Implementing a DBMS system can be expensive and time-consuming,
especially in large enterprises. Training requirements alone can be quite costly.
 Security: Even with safeguards in place, it may be possible for some unauthorized
users to access the database. If one gets access to database, then it could be an all
or nothing proposition.
Question 19
Describe the following Recent technologies in the field of IT:
(i) iPad
(ii) Ultra Mobile PC (UMPC)
(iii) I-pod
Answer
(i) iPad: The iPad runs a version of iOS. iOS is designed for finger based use and has
none of the tiny features which required a stylus on earlier tablets. Apple introduced
responsive multi touch gestures, like moving two fingers apart to zoom in. iOS uses
less power, and so gives better battery life than the Intel devices used by Windows
tablets.
(ii) Ultra Mobile PC (UMPC): An Ultra-Mobile PC is a small form factor version of a pen
computer, a class of laptop whose specifications were launched by Microsoft and Intel
in spring 2006. UMPCs are smaller than subnotebooks, have a TFT display measuring
(diagonally) about 12.7 to 17.8 cm (5 to 7 inch screen), are operated like tablet PCs

© The Institute of Chartered Accountants of India

 2.25 Information Technology

using a touch screen or a stylus, and can also have a physical keyboard.
(iii) iPod: The iPod is a line of portable media players designed and marketed by
Apple Inc. There are four current versions of the iPod: the ultra-compact iPod
Shuffle, the compact iPod Nano, the touch screen iPod Touch, and the hard drive-
based iPod Classic. Like other digital music players, iPods can serve as external
data storage devices. Storage capacity varies by model, ranging from 2 GB for
the iPod Shuffle to 160 GB for the iPod Classic.
Question 20
Write some Information Systems Control procedures covering the access safeguards
over computer programs.
Answer
(a) Information Systems Control procedures covering the access safeguards over
computer programs are as follows:
 Strategy and direction;
 General Organization and Management;
 Access to IT resources, including data and programs;
 System development methodologies and change control;
 Operation procedures;
 System Programming and technical support functions;
 Quality Assurance Procedures;
 Physical Access Controls;
 Business Continuity Planning(BCP) and Disaster Recovery Planning (DRP);
 Network and Communication;
 Database Administration; and
 Protective and detective mechanisms against internal and external attacks.

Exercise

1. Discuss some of the benefits of using a Computer Network.

2. What are the Output devices? Discuss some of the examples of output devices.
3. What are the objectives of System Maintenance in SDLC?
4. Discuss some of the different parameters undertaken during Feasibility Study in SDLC.
5. Discuss some of the issues a computer network addresses to?

© The Institute of Chartered Accountants of India

 Information Systems and IT Fundamentals 2.26

6. What are the major activities involved in the Conversion phase of System Implementation in SDLC?
7. Give some examples of business applications of Mobile computing?
8. Discuss different types of Application Software.
9. What are the advantages and disadvantages of the following:
(a) Application Software (b) DBMS

© The Institute of Chartered Accountants of India